Walled Garden
Overview
The walled garden allows you to restrict access for clients to a specific set of IP addresses or hostnames prior to authentication through a splash page. This is useful for holding clients captive until they see your splash page and authenticate through it either with a click-through button or with user credentials. If you host your own custom splash page on a web server, you must add the IP address of that web server to the walled garden range so that the AP can present the splash page to the wireless clients.
Using Google OAuth with a Walled Garden
The Meraki sign-on Splash Page can be integrated with Google OAuth, requiring users to log in with credentials from a custom Google domain for network access. This Splash Page can be configured to block Internet access until sign-on is complete, but certain domains need to be added to the "walled garden" of allowed websites in order for OAuth to complete.
This article outlines how to allow Google OAuth to operate while still limiting pre-authentication Internet access.
Assuming a Splash Page has already been configured with Google OAuth, the following configuration steps outline how to add Google's OAuth domains to the walled garden:
- In Dashboard, navigate to Security Appliance/Wireless > Configure > Access Control.
- Select the appropriate SSID or VLAN from the drop-down menu on top.
- Set Captive portal strength to "Block all access until sign-on is complete."
- Set Walled garden to "Walled garden is enabled."
- Add the following domains to the Walled garden ranges:
  Note: The following list of domains is subject to change by Google and may not be up to date. Please refer to Google's documentation and support if OAuth is still blocked.
  - www.google.com
  - *.google.(country code, e.g. .ca)
  - accounts.google.com
  - *.googleapis.com
  - *.gstatic.com
  - *.googleusercontent.com
  - apis.google.com
- (optional) To allow access to additional domains before sign-on is complete, append them to the Walled garden ranges.
- Click Save changes.
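When OAuth is still blocked after these steps, it helps to compare the destinations a client actually contacted during sign-on against the configured ranges. The following is an added example, not Meraki code: it models the walled garden as a list of exact hostnames, `*.` wildcards and CIDR ranges. The wildcard semantics (subdomains only, not the bare domain), the sample destinations and the splash server address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Ranges from the steps above. "*.google.ca" is the page's country-code example;
# 203.0.113.10/32 is a constructed placeholder for a self-hosted splash server.
WALLED_GARDEN = [
    "www.google.com", "*.google.ca", "accounts.google.com", "*.googleapis.com",
    "*.gstatic.com", "*.googleusercontent.com", "apis.google.com",
    "203.0.113.10/32",
]

# Constructed sample: destinations a client contacted during a sign-on attempt.
SAMPLE_DESTINATIONS = [
    "accounts.google.com", "ssl.gstatic.com", "oauth2.googleapis.com",
    "www.google.ca", "google.com", "fonts.example.net",
    "203.0.113.10", "203.0.113.11",
]

def _parse(fn, text):
    """Return fn(text), or None when text is not a valid IP value."""
    try:
        return fn(text)
    except ValueError:
        return None

def matching_entry(dest, ranges=WALLED_GARDEN):
    """Return the walled garden entry that covers dest, or None."""
    dest = dest.strip().lower().rstrip(".")
    addr = _parse(ipaddress.ip_address, dest)
    for entry in ranges:
        entry = entry.strip().lower()
        net = _parse(lambda e: ipaddress.ip_network(e, strict=False), entry)
        if net is not None:
            if addr is not None and addr in net:
                return entry
        elif addr is None:
            if entry.startswith("*."):
                # Assumed semantics: "*.x" covers subdomains of x, not x itself.
                if dest.endswith(entry[1:]) and dest != entry[1:]:
                    return entry
            elif dest == entry:
                return entry
    return None

def uncovered(destinations, ranges=WALLED_GARDEN):
    """Destinations that stay blocked until sign-on completes."""
    return [d for d in destinations if matching_entry(d, ranges) is None]

if __name__ == "__main__":
    for d in SAMPLE_DESTINATIONS:
        print(f"{d:28} {matching_entry(d) or 'BLOCKED before sign-on'}")
```

Anything `uncovered()` returns is a candidate to review against Google's documentation before appending it to the Walled garden ranges; each added entry widens what unauthenticated clients can reach.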